System: Windows XP Home, .NET Framework SDK 2.0, Monad beta3
If login as a member of Administrators group, MSH.exe runs perfectly.
I am writing "su.msh" script (go to http://mshforfun.blogspot.com/
for detail)
There is a non-privilege user "testac" who belong to Users and
Everyone group. When login as "testac", msh.exe launched OK. If
you login as a member of Administrators group and try to launch msh.exe
(within a msh window of course) using RUNAS.exe (runas /profile
/User:testac msh.exe), msh.exe launched OK.
Problem really come out when you using get-credential cmdlet and pass
Username and Password to Process.Start() method.
$SuAccount = get-credential
$StartInfo = new-object System.Diagnostics.ProcessStartInfo
$StartInfo.FileName = "msh.exe"
$StartInfo.Arguments = "-nologo -noprofile"
$StartInfo.UserName = $SuAccount.UserName
$StartInfo.Password = $SuAccount.Password
$StartInfo.LoadUserProfile = $true
$StartInfo.UseShellExecute = $false
$StartInfo.WorkingDirectory = (get-location).Path
[System.Diagnostics.Process]::Start($StartInfo)
First time you run script:
Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
Exception calling "Start" with "1" argument(s): "Logon failure: unknown
user name or bad password"
At D:\msh\su.msh:11 char:36
+ [System.Diagnostics.Process]::Start( <<<< $StartInfo)
Second time you run script:
No error, works like runas
Third time you run script:
Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
Exception calling "Start" with "1" argument(s): "Logon failure: unknown
user name or bad password"
At D:\msh\su.msh:11 char:36
+ [System.Diagnostics.Process]::Start( <<<< $StartInfo)
Fourth time you run script:
No error, works like runas
Fifth time you run script:
Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
Exception calling "Start" with "1" argument(s): "Logon failure: unknown
user name or bad password"
At D:\msh\su.msh:11 char:36
+ [System.Diagnostics.Process]::Start( <<<< $StartInfo)
So you see patterns here? I don't have detailed trace information,
but I am pretty sure there is something wrong with get-credential
cmdlet (or maybe it is Process.Start() method). Or it is simply a bug?
Otherwise you get in a loop between the Shell's(bug filed)
See, also :
http://mow001.blogspot.com/2005/10/do-msh-cmd-msh-loop-runas-in-msh.html
http://mow001.blogspot.com/2005/10/runas-with-loading-profile-script-in.html
think this is happening here also.
try changing a dir and then do a LS to test this.
gr /\/\o\/\/
new-property HKLM:\SOFTWARE\Microsoft\MSH\1\ShellIds -property
ConsolePrompting -value "True" -force
and try you script again, If I use the GUI I have the same effect.
as you have.
MSH>$cred = get-credential
Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
User: test
Password for user test: *******
MSH>$PSI = new-object System.Diagnostics.ProcessStartInfo
MSH>$psi.LoadUserProfile = $true
MSH>$psi.filename = "MSH.exe"
MSH>$psi.UseShellExecute = $false
MSH>
MSH>$psi.Username = $cred.userName
MSH>$psi.Password = $cred.Password
MSH>
MSH>[System.Diagnostics.Process]::start($PSI)
Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
12 1 324 1032 14 0,03 5916 msh
MSH>[System.Diagnostics.Process]::start($PSI)
Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
5 1 132 428 5 0,02 5972 msh
MSH>[System.Diagnostics.Process]::start($PSI)
Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
5 1 132 428 5 0,02 628 msh
MSH>[System.Diagnostics.Process]::start($PSI)
Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
5 1 132 428 5 0,03 3420 msh
So, I think this is a bug in the CredUI.
gr /\/\o\/\/
I will try the ConsolePrompting mode of get-credential.
The difference in behaviour (between CredUI and the console prompting) is that CredUI returns us a username with "\" prepended. As in "\testac". This is another valid form of the same username.
When we pass that to the Process.Start method, it has intermittent difficulty dealing with that form of a username. You'll see the same effect if you prepend your username with a "\" from the Console prompting.
Interestingly enough, you won't see the problem happen if you keep the first successful console window open.
--
Lee Holmes [MSFT]
Microsoft Command Shell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.